authentication – What happens if a secure token is provided to a trusted party that gets compromised

Take, for example, AWS STS tokens or JWT tokens.

Let’s say node A got a token for accessing a resource of account X on behalf of account X. Access includes read/write privileges.

Let’s say a few minutes later node A got compromised.

Nothing else knows that A got compromised.

Question: Account X is also compromised now. Correct?

Question: We will continue to provide renewed tokens to access account X to node A because we have not detected that node A is compromised yet. Correct?

Question: What should we do to detect that node A is compromised?